Digital Certificate - Use a Code Signing Certificate

This article provides an introduction to the use of Code Signing Certificates (also known as a Software Publishing Certificate), which can be used to digitally sign software.

IT Services provides free Code Signing Certificates via the InCommon Certificate Service. Code signing certificates can be used to digitally sign software executables and scripts. The digital signature can help users of the signed software confirm that the software is genuine by authenticating the source of the software (that is, who published it) and verifying the integrity of the content (that is, the code hasn't been modified since signed).

Uses of Code Signing Certificates include:

  • Microsoft Authenticode

  • Signing Java jar files

  • Signing Adobe AIR applications

Overview of the Process

Once you receive a Code Signing Certificate via email you can immediately begin signing and distributing your software. The typical process for signing code includes using a utility program such as signcode.exe, codesign, or signtool. This utility must meet these minimum requirements:

  • Create a cryptographic hash of your software code.

  • Encrypt the hash using your private key.

  • Create a package containing your code, the encrypted hash, and your code signing certificate.

Specific Code Signing Tools

The specific method for signing your software varies according to what code signing software and environment you are using and is outside the scope of this document. However here are some links to useful starting points to learn more:

Timestamping

The digital signature for your software can be valid beyond the lifetime of your Code Signing Certificate if you use timestamping. This service is provided by Comodo at the URL http://timestamp.comodoca.com/authenticode. For more information please see: Comodo Knowledge Base: "Timestamping"

See Also:

  • Digital Certificate - Request a Code Signing Certificate




  • Keywords:Authenticode, csc, ca, x.509, signature, cert, certificates, x509, code_signing, software_publish, certificate_authority, incommon, comodo, tls, pki   Doc ID:19495
    Owner:James C.Group:University of Chicago
    Created:2011-08-02 19:00 CDTUpdated:2017-06-19 06:36 CDT
    Sites:University of Chicago, University of Chicago - Sandbox
    Feedback:  3   0